Canada technically shares a land border with Denmark: Hans Island

This was such a big worry of mine, but I’m only down 12% average versus the summer and I live in Canada.

What I do to keep DNS consistent inside and out is use Tailscale on all my clients. I host a DNS server hosted on my tailnet that is set up as split DNS for my “kickassdomain.org”.

Fwiw I switched from k3s to Talos and find it much easier to manage. I run 3 mini 1L PCs with rook-ceph and it works flawlessly even on 1Gbe.

I have used all three! I started with Server then went to CoreOS running Kubernetes and settled on NixOS which I have been very happy with for about a year now. I run about 25-30 services all using built in modules.

Regarding security, if you are using well crafted modules on NixOS, there should be good systemd hardening in place. That being said there is no reason you can’t just use containers on NixOS.

I also find deploying NixOS far superior to butane/ignition used by CoreOS/Fedora. I use nixos-anywhere and can deploy my entire server in a few minutes without manual intervention.